Sarah advises clients across the full spectrum of cybersecurity risk management, including proactive advisory and compliance services, risk assessments, technology contracts and vendor risk management, and security incident response.

As an ANSI-Accredited Certified Information Privacy Professional/United States (CIPP/US) from the International Association of Privacy Professionals (IAPP), Sarah has extensive experience guiding clients through the legal and business aspects of cyber risk mitigation.

She has performed hundreds of cybersecurity risk assessments for private equity portfolio companies and has advised a variety of organizations, from Fortune 500 companies to tech start-ups, across all industry verticals.

Clients appreciate Sarah’s ability to simplify the complex and handle high pressure situations with an even-keeled manner, focusing on pragmatic business solutions to cyber risk issues.

She is a frequent speaker and author on cybersecurity risk management topics and former adjunct cybersecurity law professor.

Experience

  • Guiding clients through cybersecurity incident response
  • Facilitating cybersecurity risk assessments
  • Developing cybersecurity policies, procedures and governance programs to align with regulatory requirements
  • Performing cybersecurity awareness and incident response readiness training and tabletop exercises
  • Negotiating cyber risk issues in technology contracts (vendor and customer)
  • Providing strategic advice during transactions involving cybersecurity risk
  • Evaluating cyber liability insurance coverage

Education

  • University of Alabama School of Law (J.D., magna cum laude, 2011)
    • Alabama Law Review, Articles Editor
    • Hugo Black Scholar; Order of the Coif
    • John A. Campbell Moot Court Board; ABA National Moot Court Team
  • University of Alabama (B.A., summa cum laude, 2008)
    • University Honors Program, Phi Beta Kappa

Bar Admission

  • Alabama

Court Admissions

  • U.S. District Court, Northern District of Alabama
  • U.S. District Court, Middle District of Alabama

Professional Affiliations

  • International Association of Privacy Professionals
  • Alabama State Bar Association – Vice Chair of Alabama State Bar Cybersecurity Task Force
  • InfraGard
  • American Bar Association, Litigation and Science and Technology Law Sections

Recognition

  • Named one of Best Lawyers: Ones to Watch® in America in:
    • Commercial Litigation, 2022-2026
    • Intellectual Property Law, 2024-2026
    • Privacy and Data Security Law 2022-2026
    • Technology Law, 2024-2026
  • Recognized by the Birmingham Business Journal as a “NextGen Law Honoree” (2021)
Publications
All Publications
New GSA Guidance on Protecting CUI in Contractor Systems, Plus a Look Ahead at Pending FAR Changes
Key Takeaways: GSA released detailed procedural guidance for protecting CUI in nonfederal systems, and a proposed FAR rule would further standardize CUI handling, documentation and incident reporting across federal contracts. Together, these developments signal a shift toward uniform federal expectations for protecting CUI, driven by government priorities to standardize documentation, incident reporting timelines and contractor accountability across all agencies. Contractors should proactively review their CUI management practices, assess readiness against GSA’s phased implementation roadmap and begin aligning incident-response procedures with anticipated FAR changes. For many contractors, Controlled Unclassified Information (CUI) has been a moving target, identified through markings and agency-specific practices, with cybersecurity and reporting expectations that can look different from one procurement to the next. The newest CUI development is the U.S. General Services
Read More
Seizing the Moment: Leveraging CMMC as an Opportunity to Enhance Cyber Risk Management
Sarah Glover, Erin Felix and Mary Ann Quinn warn that CMMC is raising the stakes for contractors, as binding documentation and security requirements invite greater scrutiny—making integration into existing governance essential. Read the full article in the 2026 Technology Transactions & Data Privacy Annual Report. 
Read More